Topics in Timed Automata B. Srivathsan RWTH-Aachen Software - - PowerPoint PPT Presentation

Topics in Timed Automata

• B. Srivathsan

RWTH-Aachen

Software modeling and Verification group

1/34

L(A) ⊆ L(B) System Specification L(A) ∩ L(B) empty? Is

2/34

L(A) ⊆ L(B) System Specification L(A) ∩ L(B) empty? Is first determinize B

2/34

Lecture 2: Determinizing timed automata

3/34

q

a a

q

a

4/34

q

a a

q

a

4/34

q

a a

q

a

q R1 R2

a, g1 a, g2

4/34

q

a a

q

a

q R1 R2

a, g1 a, g2 g1 and g2 should be mutually exclusive

For every (q, v) there is only one choice

4/34

Deterministic Timed Automata

q

. . . . . . . . . . . . . . .

a, g1

R1

a, g2

R2

a, gk

Rk

gi ∧ gj is unsatisfiable complete if g1 ∨ g2 ∨ . . . gk = ⊤

A theory of timed automata

• R. Alur and D. Dill, TCS’90

5/34

Deterministic Timed Automata

q

. . . . . . . . . . . . . . .

a, g1

R1

a, g2

R2

a, gk

Rk

gi ∧ gj is unsatisfiable complete if g1 ∨ g2 ∨ . . . gk = ⊤ + single initial state

A theory of timed automata

• R. Alur and D. Dill, TCS’90

5/34

Deterministic Timed Automata

q

. . . . . . . . . . . . . . .

a, g1

R1

a, g2

R2

a, gk

Rk

gi ∧ gj is unsatisfiable complete if g1 ∨ g2 ∨ . . . gk = ⊤ + single initial state

Unique run A DTA has a unique run on every timed word

A theory of timed automata

• R. Alur and D. Dill, TCS’90

5/34

q0 q1 x = 1, a {x} x = 1, a {x}

a DTA

q0 q1 q2 a {x} x = 1, a a a a

not a DTA

6/34

q s t

a, g1

R1

a, g2

R2

q′ s′ t′

a, g′

1

R′

1

a, g′

2

R′

2

q, q′ s, s′ s, t′ t, s′ t, t′ g1 ∧ g′

1 R1 ∪ R′

1

g1 ∧ g′

2 R1 ∪ R′

2

g2 ∧ g′

1 R2 ∪ R′

1

g2 ∧ g′

2 R2 ∪ R′

2

Accepting states: (qF, ⋆) and (⋆, q′

F) for union

(qF, q′

F) for intersection

7/34

q s t

a, g1

R1

a, g2

R2

q′ s′ t′

a, g′

1

R′

1

a, g′

2

R′

2

q, q′ s, s′ s, t′ t, s′ t, t′ g1 ∧ g′

1 R1 ∪ R′

1

g1 ∧ g′

2 R1 ∪ R′

2

g2 ∧ g′

1 R2 ∪ R′

1

g2 ∧ g′

2 R2 ∪ R′

2

Accepting states: (qF, ⋆) and (⋆, q′

F) for union

(qF, q′

F) for intersection

unique choice unique choice ⇒ unique choice

7/34

Theorem DTA are closed under union and intersection

8/34

Complementation

Unique run A DTA has a unique run on every timed word ⇒ DTA are closed under complement

(interchange accepting and non-accepting states)

9/34

Every DTA is a TA: L(DTA) ⊆ L(TA) But there is a TA that cannot be complemented (Lecture 1) ∴ L(DTA) ⊂ L(TA)

10/34

DTA

Unique run Closed under ∪, ∩, comp. L(DTA) ⊂ L(TA)

11/34

Given a TA, when do we know if we can determinize it?

12/34

Given a TA, when do we know if we can determinize it? Theorem [Finkel’06] Given a TA, checking if it can be determinized is undecidable

12/34

Given a TA, when do we know if we can determinize it? Theorem [Finkel’06] Given a TA, checking if it can be determinized is undecidable Following next: some sufficient conditions for determinizing

12/34

q s t

a a

q {s, t}

a

13/34

q s t

a a

q {s, t}

a

q s t

a, g1 a, g2

13/34

q s t

a a

q {s, t}

a

q s t

a, g1 a, g2

q {s, t} {s} {t} {} g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a

13/34

q s t

a a

q {s, t}

a

q s t

a, g1 a, g2

q {s, t} {s} {t} {} g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a

{x}

13/34

q s t

a a

q {s, t}

a

q s t

a, g1 a, g2

q {s, t} {s} {t} {} g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a

{x}

To reset or not to reset?

13/34

q s t

a a

q {s, t}

a

q s t

a, g1 a, g2

q {s, t} {s} {t} {} g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a

{x}

To reset or not to reset? First solution: Whenever a, reset xa

13/34

Event-recording clocks: time since last occurence of event

a → xa

1 2 4 5 6 7 0.5 2.8 6.5

a a a b b b

xa xb

1.5: 2: 0.8 1 2.5 ⊥ ⊥ ⊥ ⊥ 1.2 2.2: 1.5:

Event-clock automata: a determinizable subclass of timed automata Alur, Henzinger, Fix. TCS’99

14/34

Event-recording automata

q0 q1 q2 q3

a b c d xa < 1 xb > 2

{ ( (abcd)k, τ ) | a − c distance is < 1 and b − d distance is > 2} q0 q1 q2

a b b xa = 1

{ (ab∗b, τ) | distance between first and last letters is 1}

15/34

Event-recording automata

q0 q1 q2 q3

a b c d xa < 1 xb > 2

{ ( (abcd)k, τ ) | a − c distance is < 1 and b − d distance is > 2} q0 q1 q2

a b b xa = 1

{ (ab∗b, τ) | distance between first and last letters is 1}

non-deterministic

15/34

Determinizing ERA: modified subset construction

q s t

a, g1 a, g2

q {s, t} {s} {t} {} g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a

exponential in the number of states

16/34

DTA

Unique run Closed under ∪, ∩, comp. L(DTA) ⊂ L(TA)

Determinizable subclasses

ERA

17/34

q s t

a, g1 a, g2

q {s, t} {s} {t} {} g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a

{x}

To reset or not to reset?

18/34

q s t

a, g1 a, g2

q {s, t} {s} {t} {} g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a

{x}

To reset or not to reset? Coming next: slightly modified version of BBBB-09

When are timed automata determinizable?

Baier, Bertrand, Bouyer, Brihaye. ICALP’09 18/34

q s t

{x} a, g1 a, g2

q {(s, ), (t, )} {(s, )} {(t, )} {} g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a

19/34

q s t

{x} a, g1 a, g2

q {(s, ), (t, )} {(s, )} {(t, )} {} g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a {z} {z} {z} {z}

19/34

q s t

{x} a, g1 a, g2

q {(s, x : z), (t, x : x)} {(s, x : z)} {(t, x : x)} {} g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a {z} {z} {z} {z}

19/34

q s t

{x} a, g1 a, g2 a, x ≤ 5 a, x > 2

q {(s, x : z), (t, x : x)} {(s, x : z)} {(t, x : x)} {} g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a {z} {z} {z} {z}

19/34

q s t

{x} a, g1 a, g2 a, x ≤ 5 a, x > 2

q {(s, x : z), (t, x : x)} {(s, x : z)} {(t, x : x)} {} z ≤ 5 ∧ x > 2 z ≤ 5 ∧ x ≤ 2 z > 5 ∧ x > 2 z > 5 ∧ x ≤ 2 g1 ∧ g2 g1 ∧ ¬g2 ¬g1 ∧ g2 ¬g1 ∧ ¬g2 a a a a {z} {z} {z} {z}

19/34

z0 z1 z2 zi

. . . . . .

Reset a new clock zi at level i

20/34

z0 z1 z2 zi

. . . . . .

Reset a new clock zi at level i

{(q1, σ1), (q2, σ2), . . . , (qk, σk)} σj : X → {z0, . . . , zi}

20/34

z0 z1 z2 zi

. . . . . .

Reset a new clock zi at level i

{(q1, σ1), (q2, σ2), . . . , (qk, σk)} σj : X → {z0, . . . , zi}

When do finitely many clocks suffice ?

20/34

Integer reset timed automata

q1 q2

a, g R

Conditions:

◮ g has integer constants ◮ R is non-empty iff g has some constraint x = c

Implication:

◮ Along a timed word, a reset of an IRTA happens only at

integer timestamps

Timed automata with integer resets: Language inclusion and expressiveness

Suman, Pandya, Krishna, Manasa. FORMATS’08 21/34

q0 q1 x = 1, a {x} x = 1, a {x}

an IRTA

q0 q1 q2 a {x} x = 1, a a a a

not an IRTA

22/34

q0 q1 x = 1, a {x} x = 1, a {x}

an IRTA

q0 q1 q2 a {x} x = 1, a a a a

not an IRTA Next: determinizing IRTA using the subset construction

22/34

M: max constant from among guards

zi1 zi2 zik

. . . . . . . . . . . .

zi1 zi2 . . . zik active clocks

assume the semantics of timed word (w, τ) such that τ1 < τ2 < · · · < τk ◮ If k ≥ M + 1, then zi1 > M (as reset is only in integers) ◮ Replace zi1 with ⊥ and reuse zi1 further

23/34

DTA

Unique run Closed under ∪, ∩, comp. L(DTA) ⊂ L(TA)

Determinizable subclasses

ERA IRTA

24/34

z0 z1 z2 zi

. . . . . .

Reset a new clock zi at level i

{(q1, σ1), (q2, σ2), . . . , (qk, σk)} σj : X → {z0, . . . , zi}

When do finitely many clocks suffice ?

25/34

Strongly non-Zeno automata

A TA is strongly non-Zeno if there is K ∈ N : every sequence of greater than K transitions elapses at least 1 time unit

q0 q1 x < 1, a x = 1, a

not SNZ

q0 q1 x = 1, a {x} x = 1, a {x}

SNZ

26/34

Theorem Finitely many clocks suffice in the subset construction for strongly non-Zeno automata

(The number of clocks depends on size of region automaton...)

When are timed automata determinizable?

Baier, Bertrand, Bouyer, Brihaye. ICALP’09 27/34

Complexity of subset construction

{(q1, σ1), (q2, σ2) . . . (qk, σk)} σj : X → {z0, . . . , zp−1}

28/34

Complexity of subset construction

{(q1, σ1), (q2, σ2) . . . (qk, σk)} σj : X → {z0, . . . , zp−1} . . . σj :

|X| places p choices

28/34

Complexity of subset construction

{(q1, σ1), (q2, σ2) . . . (qk, σk)} σj : X → {z0, . . . , zp−1} . . . σj :

|X| places p choices

• no. of σj : p|X|
• no. of (qj, σj) : |Q| · p|X|

28/34

Complexity of subset construction

{(q1, σ1), (q2, σ2) . . . (qk, σk)} σj : X → {z0, . . . , zp−1} . . . σj :

|X| places p choices

• no. of σj : p|X|
• no. of (qj, σj) : |Q| · p|X|

2|Q| · p|X|

→ doubly exponential in the size of initial automaton

28/34

DTA

Unique run Closed under ∪, ∩, comp. L(DTA) ⊂ L(TA)

Determinizable subclasses

ERA IRTA SNZ

29/34

q0 q1 q2 a {x} b x = 1, a ERA IRTA SNZ q0 q1 q2 {x} a x = 2, a x = 1, a ERA IRTA SNZ q0 q1 q2 q2 a {x} a x = 1, a ERA IRTA SNZ

30/34

ERA IRTA SNZ DTA TA

31/34

Closure properties of ERA, IRTA, SNZ

◮ Union: disjoint union √ ◮ Intersection: product construction √ ◮ Complement: determinize & interchange acc. states √

32/34

DTA

Unique run Closed under ∪, ∩, comp. L(DTA) ⊂ L(TA)

Determinizable subclasses

ERA IRTA SNZ

ERA, IRTA, SNZ

Incomparable Closed under ∪, ∩, comp.

33/34

Perspectives

Other related work:

◮ Event-predicting clocks (Alur, Henzinger, Fix’99) ◮ Bounded two-way timed automata (Alur, Henzinger’92)

For the future:

◮ Infinite timed words: Safra? ◮ Efficient algorithms

34/34